COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document

Size: px
Start display at page:

Download "COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document"

Transcription

1 EUROPEAN COMMISSION Brussels, SWD(2014) 135 final COMMISSION STAFF WORKING DOCUMENT on the existing EU legal framework applicable to lifestyle and wellbeing apps Accompanying the document GREEN PAPER on mobile Health ("mhealth") {COM(2014) 219 final} EN EN

2 Contents 1. INTRODUCTION 3 2. EU SAFETY AND PERFORMANCE REQUIREMENTS 3 3. APP USERS' RIGHTS RIGHT TO PRIVACY AND TO DATA PROTECTION OTHER RIGHTS CONSUMERS' RIGHTS DIRECTIVE RIGHTS ENSHRINED IN ECOMMERCE DIRECTIVE RIGHTS ENSHRINED IN UNFAIR COMMERCIAL PRACTICES DIRECTIVE 10 2

3 1. INTRODUCTION This Staff Working Document purports to give a non-exhaustive description of the EU legislation, which is applicable to lifestyle and wellbeing apps. This is a state of play of the applicable rules of EU legislation, since some issues concerning both the developers of apps and their users are still to be either defined or interpreted. It is to be noted that the fact that Union legislation could not yet address latest developments in this sector nor did the Court have the opportunity to clarify the applicability of existing legislation on these newly developed apps, still leaves room for interpretation. The aim of this Staff Working Document is to provide simple guidance as to the EU applicable legislation. Where this is not yet possible because of the above mentioned reasons, the Commission services will not purport to provide any interpretation as this is the role of the Court of Justice of the European Union, as well as for any question of interpretation of EU legislation. 2. EU SAFETY AND PERFORMANCE REQUIREMENTS Some mhealth apps may fall under the definition of a medical device or of an in-vitro diagnostic medical device and therefore may have to comply with the safety and performance requirements of Directive 93/42/EEC concerning medical devices or Directive 98/79/EC on in vitro diagnostic medical devices respectively. On 26 September 2012, the European Commission adopted two Proposals, one for a Regulation on medical devices and the other for a Regulation on in vitro diagnostic medical devices which will, once adopted, replace the existing legal framework applicable to medical devices in the Union. There are no binding rules in the Union as to the delimitation between lifestyle and wellbeing apps and a medical device or in vitro diagnostic medical device. Since January 2012, in order to help software developers and manufacturers identify whether their products fall or not under the Directive on medical devices or the Directive on in vitro diagnostic medical devices, the Commission's services have issued some guidance on this issue which will be continuously updated 1. It is not yet clear if and to what extent lifestyle and wellbeing apps could pose a risk to citizens' health. However, when placing an app on the market, an app developer needs to know whether he has to comply with any Union safety requirements. Due to the fact that both the General Products Safety Directive and the Directive on liability for defective products apply to manufactured products, it is not yet clear if and to what extent they apply to lifestyle and wellbeing apps. 1 Guidelines on the qualification and classification of stand-alone software used in healthcare within the regulatory framework of medical devices, MEDDEV 2.1/6 January

4 3. APP USERS' RIGHTS 3.1. Right to privacy and to data protection Apps are able to collect large quantities of data (e.g. data stored on the device by the user and data from different sensors, including location) and process these in order to provide new and innovative services to the end user. App developers, unaware of the data protection requirements, may create unwanted threats to the privacy and reputation of users of smart devices. The relevant legal framework applicable is composed of the Data Protection Directive 2 and the eprivacy Directive 3. These rules apply to any apps installed/used by users in the EU, regardless of the location of the app developer or the app store 4. Data Protection Directive The national laws transposing the directive impose obligations on data controllers and data processors. Data controllers are natural or legal persons, which determine the purposes and means of the processing of personal data; whereas data processors are natural or legal persons, which process personal data on behalf of controllers. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes, as well as adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. The legal ground for processing personal data varies according to the nature of the data processed as summarised below: General data Sensitive data such as data related to health Processing authorised for a legitimate purpose such as: Principle of prohibition to process with limited derogations such as: the data subject has unambiguously given its consent; processing is necessary for contract performance; processing is necessary to comply with a legal the explicit consent of the data subject; except where in accordance with national law the prohibition to process such personal data cannot be lifted by the consent of the data subject; the vital interest of the data subject or of another person where the data subject is Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.oj L 281, , p. 31. It is currently under revision, see Commission proposal: DIRECTIVE 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) as modified by Directive 2009/136/EC, OJ L.337, p11, Data protection rules are applicable not only when the data controller is established within the EU, but whenever the data controller uses equipment situated within the EU, such as smart devices, in order to process data (Article 4 of the Directive). 4

5 obligation on the data controller; the legitimate interests of the data controller in so far as not overridden by the interests for fundamental rights and freedom of the data subject. physically or legally incapable of giving his consent; where processing of the data is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services, and where those data are processed by a health professional or any professional bound by the obligation of secrecy. Personal data concerning health includes information on both the physical and mental health of an individual. According to the Article 29 Data Protection Working Party 5 health data should cover any personal data closely linked to the health status of a person, such as genetic data or data on consumption of medicinal products or drugs. Lifestyle and wellbeing apps can collect indifferently personal data of general nature (e.g. information on the data subject's hobbies) and health data (e.g. heartbeat or oxygenation of the blood). The processing of personal data concerning health is in principle prohibited as these data are considered sensitive. However, such processing can be authorised in strictly limited circumstances (see table above). One exemption to the prohibition to process data related to health is based on the performance of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services. This derogation requires that the processing is done by a health professional or any professional bound by the obligation of secrecy (Article 8(3) of the Directive). Other exemptions to the prohibition of the processing of personal data concerning health may be laid down by Member States, for reasons of substantial public interest, either by law or by decision of the supervisory authority, subject to suitable safeguards (Article 8(4) of the Directive). The data subject's explicit consent to the processing of his health data must be freely given, informed and specific and cannot be considered as a blanket leave for the controller to process health data in breach of for instance the principle of purpose limitation. Hence, data collected for the purpose of mhealth services cannot be further processed for commercial purposes, unless the data subject, duly informed, has specifically and explicitly consented to the processing of his data for those other commercial purposes. According to the principle of purpose limitation, aforesaid purpose must be specified, explicit and legitimate. The other principles relating to data quality (including data minimisation, data retention limitation and the adoption of appropriate safeguards in this regard) are applicable too (Article 6 of the Directive). Data controllers must notify the relevant national data protection authorities before carrying out operations of processing of personal data (Article 18 of the Directive). 5 Article 29 Working Party Working Document on the processing of personal data relating to health in electronic health records, 15 February

6 The Article 29 Working Party recently published an opinion "on apps on smart devices", which seeks to clarify the legal obligations of each of the parties involved in the development and distribution of apps 6. The Opinion offers some guidance to all the players, in particular the need to provide clear and unambiguous information about data processing to users (e.g. the types of data processed, the purposes for processing and data retention periods). It should be made available in a clear and unambiguous format prior to the installation of the app (e.g. in the description of the app on the app store) and apps/app developers should not alter the purposes or types of data collected without seeking further consent from the end-user. In addition, whenever automated decisions are taken based on the compiled data, the data subject may obtain from the controller by way of an access request information about the logic behind those decisions (wording of Article 12 of the Directive). This might be the case when the user's performance or conduct is evaluated based on health data. Subject to user request, the app controller also must enable rectification, erasure or blocking of personal data if they are incomplete, inaccurate or processed unlawfully. Furthermore, third parties may also be involved in the data processing of data related to health, for instance if the app developer has outsourced some or all of the data processing to a third party, which may thus assume the role of a data processor. If the third party processes personal data for its own purposes, it may also be a joint data controller with the app developer. It must therefore ensure respect of all data protection principles, in particular the purpose limitation principle, and security obligations for the part of the processing for which it determines purposes and means. The respective responsibility of each party will have to be established on a case-by-case basis. If the data processed by the third party are personal data related to health, it will have to obtain for the explicit consent of the user as the processing will be done for a distinct purpose than the one of the app developer. In accordance with national law there might also be cases where the prohibition to process sensitive personal data cannot be lifted at all by the consent of the data subject. The level of complexity of identifying the role of a third party can be well illustrated by the case of cloud computing providers as they can according to the specific circumstances be either data processors or data controllers or both at the same time. The Article 29 Working Party opinion on cloud computing 7 provides useful guidance on the application of existing data protection rules to cloud providers 8. In the EU, the current Data Protection Directive 9 is being revised in order to better respond to challenges posed by the rapid development of new technologies and globalisation. The Article 29 Working Party "Opinion 02/2013 on apps on smart devices", 27 February Article 29 WP "Opinion 05/2012 on Cloud Computing", The guidance clarifies that a cloud provider can be either a data controller or data processor according to different circumstances, and also what is the law applicable in case the place of establishment of a cloud provider may be hard to determine. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, L 281/31,

7 proposal for a General Data Protection Regulation repealing the Data Protection Directive will prevent fragmentation in the way data protection is implemented across the European Economic Area, while ensuring legal certainty and a consistent and high level of protection of individuals 10. e-privacy Directive The eprivacy Directive 11 sets a specific standard to any entity worldwide that wishes to store or access information stored in devices of users located in the European Economic Area. Its main provisions are: Cookies. The storing of information or the access to information already stored in the terminal equipment of a user is only allowed on condition that he has given his consent, having been provided with clear and comprehensive information about the purposes of the processing (Article 5(3) of this Directive). This consent requirement applies to any information (i.e. not limited to personal data as information can be any type of data stored on the device). This means that when installing an app, users should be given the choice to accept or refuse cookies or similar tracking technologies to be placed on their device. It should be noted that this consent needs to be distinguished from the one given for authorising the processing of personal data as it relates to the purpose of storing information or gaining access to information already stored in the smart device. However, data controllers can collect consent for both processing operations at the same time, either during the installation or before the app starts to collect personal data from the device. Data breach notification duty. It imposes an obligation on providers of publicly available electronic communications services (e.g. Telecom operators) to provide notice in the event of a data security breach Other rights Consumers' rights Directive When a consumer buys an app in the EU, the Consumer rights Directive 12 ensures a uniform EU-wide level of protection. Traders have to comply with a series of requirements when a consumer buys a lifestyle and wellbeing app online (this purchase of an app is a "distance contract" under the directive). Although the directive expressly excludes contracts for healthcare, the process of purchasing a lifestyle and wellbeing app cannot be considered per se a contract for the provision of healthcare. Therefore the directive covers lifestyle and wellbeing apps COM(2012) 11 final. eprivacy Directive 2002/58/EC, as revised by Directive 2009/136/EC. Directive 2011/83/EC on consumers' rights. This Directive repeals Directive 97/7/EC as of 13 June

8 The trader is considered to be either the app store (when the consumer downloads an app from an app store) or the app developers (in cases where the consumer buys the app directly from them). Before the conclusion of a distance contract for the acquisition of an app, the trader has to provide the consumer with a series of information, in particular on: the main characteristics of the app the identity of the trader and his contact details the total price and any additional charges of the app the arrangements for payment where a right of withdrawal exists, the conditions for exercising that right and the model withdrawal form where a right of withdrawal does not exist, the information on that fact or the circumstances under which the consumer loses his right of withdrawal the duration of the contract and in case of an indeterminate duration the conditions for terminating the contract where applicable, the minimum duration of the consumer's obligations under the contract the functionality of digital content, including applicable technical protection measures any relevant interoperability of digital content with hardware and software that the trader has to be aware of any relevant codes of conduct. The trader has to provide the mentioned information in a clear and understandable language and in a way appropriate to the means of distance communication. This means that when the app is downloaded on a mobile phone, the limited size of the phone display may have an impact on the amount of information that should be provided prior to the conclusion of the contract. If the means of distance communication allows only for limited space or time to display the information, the trader must provide, on that particular means of communication, the most important pre-contractual information (presented in bold print in the above table) whilst making available the complete information through, for example, a hyperlink. The consumer has a 14-day period to withdraw from the contract. However, the trader can offer the consumer an immediate performance of the contract to which the consumer must expressly consent before the withdrawal period has lapsed while acknowledging that he thereby loses his right of withdrawal. After the conclusion of the contract and at the latest before the performance of the service begins, the trader has to provide, on a durable medium (e.g. an or a pdf file, but not a link to a website), a confirmation of the contract comprising all the information in the above table. 8

9 The trader has to inform the consumer directly before he places his order about the main characteristics, the total price, the duration and termination of the contract and the minimum duration of the consumer's obligations under the contract. The trader has to ensure that the consumer explicitly acknowledges that the order implies an obligation to pay, by labelling the order button with words "order with obligation to pay" or an equivalent unambiguous formulation. If the trader does not comply with this obligation, the consumer is not bound by the contract Rights enshrined in ecommerce Directive The ecommerce Directive 13 mainly contains information requirements to be provided by service providers, being legal or natural persons, providing information society services 14. App stores, which are selling lifestyle and wellbeing apps, are providing information society services, as they provide such services "for remuneration, at a distance, by electronic means and at the individual request of a recipient of services". App developers, when they are directly selling the apps, are also providing information society services. 'Free' apps are also regulated as the directive covers any economic activity, including cases in which the remuneration is received from other sources, such as advertising. Information society service providers must comply with the law of the Member State in which they are established as regards the setting-up and exercise of their information society activities. This however does not preclude Member States to take any appropriate measure against the service provider established outside of the EU for reasons of public interest. The ecommerce Directive lays down general information requirements which a service provider (e.g. an app store) has to provide before the recipient places his order (i.e. before buying the app). The main provisions are summarised below: General information to be provided: name, address and address of the service provider price, tax and delivery costs the relevant trade register when applicable Information to be provided before placing an order: the different technical steps for concluding the contract the technical means for identifying and correcting input errors Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market. An information society service is "any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services". 9

10 the languages offered for the conclusion of the contract any relevant code of conduct the contract terms and general conditions must be made available in a way that allows the recipient to store and reproduce them As soon as the consumer has placed his order, the service provider has to acknowledge the receipt of the order. The ecommerce Directive also provides for a framework of liability for intermediary information society service providers. Depending on the nature of their activities, app stores may be regarded as hosting service providers 15 as they provide storage of information provided by the app developer (i.e. information being the app itself). In this context, the hosting service provider may not be held liable for the information stored at the request of the recipient of the service (i.e. the app developer or owner) on the condition that: the provider does not have the actual knowledge of an illegal activity or information, and as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or disable access to the information. Whether these conditions are met, would need to be assessed on a case by case basis as there may be different solutions employed by app stores when providing a platform offering lifestyle and wellbeing apps Rights enshrined in Unfair Commercial Practices Directive The Directive on Unfair Commercial Practices 16 intends to maintain a consumer's freedom of choice by prohibiting unfair commercial practices by traders. The directive applies to all business-to-consumer commercial practices, including the selling of lifestyle and wellbeing apps. A commercial practice is considered unfair if it does not comply with the principle of professional diligence and is likely to distort the economic behaviour of the average consumer. In particular, commercial practices are unfair if they are misleading or aggressive: Misleading: practice which contains false information or is in its overall impression likely to deceive the consumer Aggressive: practice which is likely to significantly impair a consumer's freedom of choice by harassment, coercion or undue influence 15 Article 14 of the ecommerce Directive Directive 2005/29/EC concerning unfair business-to-consumer commercial practices in the internal market. 10

11 practice which omits material information that the consumer needs to take an informed purchase decision, or by which a trader hides or provides such information in an unclear, unintelligible, ambiguous or untimely manner AND causes the consumer to take a transactional decision that he would not have taken otherwise. This means that when promoting or selling their products, traders app stores or app developers have to avoid any practices which could mislead a consumer or which could compromise his freedom of choice. Annex I of the directive contains a list of 31 practices which are in all circumstances considered unfair. Some examples of misleading commercial practices, which can be relevant with regard to lifestyle and wellbeing apps: false claim on being signatory to a code of conduct or on the approval of the product by a public or private body (e.g. EC conformity marking) using trust or quality marks without the necessary authorisation false claims that a product is able to cure illnesses, dysfunction or malformations. 11

Giuseppe Busia Segretario generale Garante per la protezione dei dati personali

Giuseppe Busia Segretario generale Garante per la protezione dei dati personali mhealth enablers panel The Health & Wellness @ Mobile World Congress 2015 Giuseppe Busia Segretario generale Garante per la protezione dei dati personali 1 mhealth main concern Mobile Health (mhealth)

More information

THE PROMO OF MEDICAL DEVICES IN THE EUROPEAN UNION. February 2010 SPECIAL REPRINT. By Elisabethann Wright, oussanov

THE PROMO OF MEDICAL DEVICES IN THE EUROPEAN UNION. February 2010 SPECIAL REPRINT. By Elisabethann Wright, oussanov February 2010 SPECIAL REPRINT UNDERSTANDING THE PROMO OMOTION OF MEDICAL DEVICES IN THE EUROPEAN UNION By Elisabethann Wright, Fabien Roy and Alexander Roussano oussanov Reproduced with the kind permission

More information

Under European law teleradiology is both a health service and an information society service.

Under European law teleradiology is both a health service and an information society service. ESR statement on the European Commission Staff Working Document on the applicability of the existing EU legal framework to telemedicine services (SWD 2012/413). The European Society of Radiology (ESR)

More information

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

THE CONSUMER PROTECTION FROM UNFAIR TRADING REGULATIONS 2008

THE CONSUMER PROTECTION FROM UNFAIR TRADING REGULATIONS 2008 THE CONSUMER PROTECTION FROM UNFAIR TRADING REGULATIONS 2008 A guide for businesses about the requirements of the Consumer Protection from Unfair Trading Regulations 2008. This leaflet is intended as a

More information

Consumer Protection from Unfair Trading Regulations 2008. Known as the CPRs

Consumer Protection from Unfair Trading Regulations 2008. Known as the CPRs Consumer Protection from Unfair Trading Regulations 2008 Known as the CPRs Gloucestershire County Council Trading Standards Service Jason Poole Enforcement Officer and Financial Investigator The CPRs have

More information

Consumer protection from unfair trading

Consumer protection from unfair trading Consumer protection from unfair trading The Consumer Protection from Unfair Trading Regulations 2008 (known as the CPRs) cover commercial practices between traders and consumers and introduce a general

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

The New Misleading Marketing Regime May 2008

The New Misleading Marketing Regime May 2008 The New Misleading Marketing Regime May 2008 www.olswang.com 1 On 26 May 2008 two new sets of regulations will come into force in the UK, the first of which protects consumers from unfair, misleading and

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

Comments and proposals on the Chapter II of the General Data Protection Regulation

Comments and proposals on the Chapter II of the General Data Protection Regulation Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

EU regulatory framework for e-commerce

EU regulatory framework for e-commerce EU regulatory framework for e-commerce WTO Workshop Geneva, 18 th June 2013 Denis Sparas European Commission Directorate General for Internal Market and Services Outline E-commerce Directive E-commerce

More information

EUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy

EUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice

More information

Distance selling: sale of consumer goods over the internet or telephone etc

Distance selling: sale of consumer goods over the internet or telephone etc Distance selling: sale of consumer goods over the internet or telephone etc Standard Note: SN/HA/5761 Last updated: 23 February 2012 Author: Section Lorraine Conway Home Affairs Section Many people shop

More information

Working Document 02/2013 providing guidance on obtaining consent for cookies

Working Document 02/2013 providing guidance on obtaining consent for cookies ARTICLE 29 DATA PROTECTION WORKING PARTY 1676/13/EN WP 208 Working Document 02/2013 providing guidance on obtaining consent for cookies Adopted on 2 October 2013 This Working Party was set up under Article

More information

Common position of national authorities within the CPC Network

Common position of national authorities within the CPC Network Common position of national authorities within the CPC Network Assessment of proposals made by Apple, Google and relevant trade associations regarding in-app purchases in online games By letter dated 9

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

The Consumer Protection from Unfair Trading Regulations 2008

The Consumer Protection from Unfair Trading Regulations 2008 Trading Standards Service Factsheet The Consumer Protection from Unfair Trading Regulations 2008 Background The Consumer Protection from Unfair Trading Regulations 2008 (CPR s), came into force on 26 th

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

4-column document Net neutrality provisions (including recitals)

4-column document Net neutrality provisions (including recitals) 4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN

More information

OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data

OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas

More information

Section X XXXXXXXX. Guidelines on publication of user reviews, 1 May 2015 Guidelines 2015

Section X XXXXXXXX. Guidelines on publication of user reviews, 1 May 2015 Guidelines 2015 Section X XXXXXXXX Guidelines on publication of user reviews, 1 May 2015 Guidelines 2015 GUIDELINES ON PUBLICATION OF USER REVIEWS, 1 MAY 2015 May 2015 Guidelines prepared by the Danish Consumer Ombudsman

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

Protection for Insurance Customer Under Turkish Laws

Protection for Insurance Customer Under Turkish Laws Protection for Insurance Customer Under Turkish Laws Presentation to the AIDA_Turkish Insurance Law Association Ahmet Karayazgan, Karayazgan Law Firm Istanbul, May 3, 2012 1 Part 1 Definition of Insurance

More information

European Commission initiatives on e- and mhealth

European Commission initiatives on e- and mhealth European Commission initiatives on e- and mhealth Fundamental Rights Forum, 22 June 2016 WG 24: E-health: improving rights fulfilment through innovation Claudia Prettner, Unit for Health and Well-Being,

More information

ARTICLE 29 Data Protection Working Party

ARTICLE 29 Data Protection Working Party ARTICLE 29 Data Protection Working Party 11601/EN WP 90 Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC Adopted on 27 February 2004 This Working

More information

Legal compliance for developers. Training materials (prepared by Tilburg University)

Legal compliance for developers. Training materials (prepared by Tilburg University) Legal compliance for developers using FI-STAR ehealth platform Training materials (prepared by Tilburg University) Target audience: Target audience and objectives developers & other potential users of

More information

INERTIA ETHICS MANUAL

INERTIA ETHICS MANUAL SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

Online Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications

Online Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications Brussels, October 8 th 2008 Online Security, Traffic Data and IP Addresses Review of the Regulatory Framework for Electronic Communications Francisco Mingorance Senior Director Government Affairs franciscom@bsa.org

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters 15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters Principle 1 (Protection of rights and freedoms) 1. Personal data must

More information

ilinc Legal & Technology Briefs The Limited Liability of Internet Intermediaries In the EU

ilinc Legal & Technology Briefs The Limited Liability of Internet Intermediaries In the EU ilinc Legal & Technology Briefs The Limited Liability of Internet Intermediaries In the EU Within the online environment, start-ups often fulfil an intermediary role. Many intermediary start-ups offer

More information

Law 103(I) of 2007 THE UNFAIR BUSINESS-TO-CONSUMER COMMERCIAL PRACTICES LAW. The House of Representatives hereby enacts the following provisions:

Law 103(I) of 2007 THE UNFAIR BUSINESS-TO-CONSUMER COMMERCIAL PRACTICES LAW. The House of Representatives hereby enacts the following provisions: Government Gazette Supplement 1(1) No. 4135, 18.7.2007 Law 103(1)/2007 The Unfair Business-To-Consumer Commercial Practices Law of 2007 is promulgated by publication in the Government Gazette of the Republic

More information

GUIDANCE NOTES FOR MANUFACTURERS OF CLASS I MEDICAL DEVICES

GUIDANCE NOTES FOR MANUFACTURERS OF CLASS I MEDICAL DEVICES Foreword GUIDANCE NOTES FOR MANUFACTURERS OF CLASS I MEDICAL DEVICES These guidance notes do not aim to be a definite interpretation of National Laws and/or regulations and are for guidance purpose only.

More information

Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity

Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity /competition law related provisions of the Act/ In order to protect the health of citizens, in particular

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

THE MACAO SPECIAL ADMINISTRATIVE REGION. Act 8/2005. Personal Data Protection Act

THE MACAO SPECIAL ADMINISTRATIVE REGION. Act 8/2005. Personal Data Protection Act THE MACAO SPECIAL ADMINISTRATIVE REGION Act 8/2005 Personal Data Protection Act Under Article 71 (1) of the Basic Law of the Macao Special Administrative Region, the Legislative Council hereby decrees

More information

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data 1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof, 28.8.2014 Official Journal of the European Union L 257/73 REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60

COUNCIL OF THE EUROPEAN UNION. Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60 COUNCIL OF THE EUROPEAN UNION Brussels, 23 June 2010 (OR. en) 10858/10 Interinstitutional File: 2009/0009 (CNS) FISC 60 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: COUNCIL DIRECTIVE amending Directive

More information

REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

ilinc Legal & Technology Briefs The Liability of Internet Intermediaries In the EU

ilinc Legal & Technology Briefs The Liability of Internet Intermediaries In the EU ilinc Legal & Technology Briefs The Liability of Internet Intermediaries In the EU Many start-ups fulfil an intermediary role within the online environment. These intermediary start-ups offer their users

More information

AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM

AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM On 25 January 2012, the European Commission published a proposal to reform the European data protection legal regime. One

More information

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION FROM THE COMMISSION. Towards a European Charter on the Rights of Energy Consumers

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION FROM THE COMMISSION. Towards a European Charter on the Rights of Energy Consumers COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 5.7.2007 COM(2007)386 final COMMUNICATION FROM THE COMMISSION Towards a European Charter on the Rights of Energy Consumers EN EN 1. INTRODUCTION In the

More information

5439/15 PT/ek 1 DG E

5439/15 PT/ek 1 DG E Council of the European Union Brussels, 20 January 2015 5439/15 Interinstitutional File: 2013/0309 (COD) TELECOM 17 COMPET 12 MI 28 CONSOM 13 CODEC 70 NOTE from: Presidency to: Delegations No. Cion prop.:

More information

1 September /552

1 September /552 Foreword from the Chair of the ICC Commission on the Digital Economy Paris, 1 April 2016 The International Chamber of Commerce (ICC) policy inventory on the European Union (EU) General Data Protection

More information

CISCO MERAKI EU DATA PROCESSING ADDENDUM

CISCO MERAKI EU DATA PROCESSING ADDENDUM Meraki LLC 500 Terry Francois Blvd. San Francisco, CA 94158 T 415.432.1000 CISCO MERAKI EU DATA PROCESSING ADDENDUM This EU Data Processing Addendum ( DPA ) forms part of the End Customer Agreement (the

More information

Comparison of the Parliament and Council text on the General Data Protection Regulation

Comparison of the Parliament and Council text on the General Data Protection Regulation Comparison of the Parliament and Council text on the General Data Protection Regulation General comments The Council text and the Parliament text are both based on the Commission's proposal and as such

More information

INTELLECTUAL PROPERTY LAW IN THE INFORMATION SOCIETY

INTELLECTUAL PROPERTY LAW IN THE INFORMATION SOCIETY INTELLECTUAL PROPERTY LAW IN THE INFORMATION SOCIETY IP LAW AND LINKING AND SEARCH ENGINES J A R L E R O A R S Æ B Ø EXHAUSTION PRINCIPLE (MOVED FRO LAST LECTURE) Article 7 Exhaustion of the rights conferred

More information

CCBE POSITION ON THE PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL

CCBE POSITION ON THE PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL CCBE POSITION ON THE PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL ON CONSUMER RIGHTS DIRECTIVE COM(2008) 614/3 CCBE position on The Proposal for a Directive of the European Parliament

More information

relation to the processing of personal data

relation to the processing of personal data 08/12/1992 Act of 8 December 1992 on the protection of privacy in relation to the processing of personal data (Belgian Official Journal, 18 March 1993) Consolidated version 07/04/2014 Unofficial English

More information

LEGAL REQUIREMENTS FOR ONLINE SALE IRELAND

LEGAL REQUIREMENTS FOR ONLINE SALE IRELAND LEGAL REQUIREMENTS FOR ONLINE SALE IRELAND MARCH 2014 THE PURPOSE OF THIS NOTE IS TO EXPLAIN THE MAIN LEGAL REQUIREMENTS FOR A TRADER WHO WISHES TO CONDUCT ONLINE BUSINESS IN IRELAND THE EUROPEAN COMMUNITIES

More information

DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA)

DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA) DATA PROCESSING ADDENDUM (FOR TRANSFERS PERSONAL DATA OUTSIDE THE EEA) How this Data Processing Addendum (DPA) works: On October 6 2015, the European Court of Justice declared the Safe Harbor framework

More information

DATA PROTECTION LAWS OF THE WORLD. India

DATA PROTECTION LAWS OF THE WORLD. India DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,

More information

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case

More information

MARKETING LAW and UNFAIR COMPETITION

MARKETING LAW and UNFAIR COMPETITION MARKETING LAW and UNFAIR COMPETITION April 27, 2015 Stojan Arnerstål stojan.arnerstal@jur.uu.se Marketing Need to consider various legal areas: Marketing law Intellectual property rights Competition law

More information

***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012

***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012 EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 17.12.2012 2012/0011(COD) ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council

More information

Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010. Panel IV: Privacy and Cloud Computing

Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010. Panel IV: Privacy and Cloud Computing Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010 Panel IV: Privacy and Cloud Computing Data Protection and Cloud Computing under EU law Peter Hustinx European Data Protection

More information

5419/16 ADD 1 VH/np 1 DGD 2C

5419/16 ADD 1 VH/np 1 DGD 2C Council of the European Union Brussels, 17 March 2016 (OR. en) Interinstitutional File: 2012/0011 (COD) 5419/16 ADD 1 DRAFT STATEMT OF THE COUNCIL'S REASONS Subject: DATAPROTECT 2 JAI 38 MI 25 DIGIT 21

More information

Personal Data Act (523/1999)

Personal Data Act (523/1999) 1 NB: Unofficial translation Personal Data Act (523/1999) Chapter 1 General provisions Section 1 Objectives The objectives of this Act are to implement, in the processing of personal data, the protection

More information

CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE

CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION

More information

Comments and proposals on the Chapter III of the General Data Protection Regulation

Comments and proposals on the Chapter III of the General Data Protection Regulation Comments and proposals on the Chapter III of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon, Bits of Freedom, FIPR and Privacy International

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

Position of the Nordic Consumer Ombudsmen on social media marketing of 3 May 2012

Position of the Nordic Consumer Ombudsmen on social media marketing of 3 May 2012 Position of the Nordic Consumer Ombudsmen on social media marketing of 3 May 2012 Contents Introduction 1. General information 2. Marketing messages must be identifiable as marketing 3. Unsolicited electronic

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011

List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011 List of the general good provisions applicable to insurance and reinsurance intermediaries FEBRUARY 2011 The general good provisions have been listed in compliance with the conditions envisaged by the

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

26.3.2014 A7-0365/133

26.3.2014 A7-0365/133 26.3.2014 A7-0365/133 Amendment 133 Amalia Sartori on behalf of the Committee on Industry, Research and Energy Report A7-0365/2013 Marita Ulvskog Electronic identification and trust services for electronic

More information

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities

More information

Personal Data Protection

Personal Data Protection Data Protection Personal Data Protection Protection of personal data Living in an area of freedom, security and justice Croatia and Turkey Screening Chapter 23 - Judiciary and fundamental rights Brussels,

More information

Insurance: Conduct of Business

Insurance: Conduct of Business Insurance: Conduct of Business ICOBS Contents Insurance: Conduct of Business ICOBS 1 Application 1.1 The general application rule 1 Annex 1 Application (see ICOBS 1.1.2 ) ICOBS 2 eneral matters 2.1 Client

More information

ELECTRONIC COMMERCE DIRECTIVE, DIRECTIVE 2000/31/EC OF THE EUROPEAN PARLIAMENT AND

ELECTRONIC COMMERCE DIRECTIVE, DIRECTIVE 2000/31/EC OF THE EUROPEAN PARLIAMENT AND ELECTRONIC COMMERCE DIRECTIVE, DIRECTIVE 2000/31/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL * * * * THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION, Whereas: (1) The European Union

More information

COMMISSION REGULATION (EU) No /.. of XXX

COMMISSION REGULATION (EU) No /.. of XXX EUROPEAN COMMISSION Brussels, XXX D... [ ](2012) XXX draft COMMISSION REGULATION (EU) No /.. of XXX establishing a Union Registry pursuant to Directive 2003/87/EC of the European Parliament and of the

More information

Guidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment

Guidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment Guidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment ("Cookie Order") 2nd version, April 2013 Preface...3 1. Introduction...5

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

MiFID II Key aspects. I. Introduction

MiFID II Key aspects. I. Introduction MiFID II Key aspects I. Introduction Yesterday the final texts of the revised Markets in Financial Instruments Directive were published in the Official Journal of the European Union. The texts consist

More information

Data Protection A Guide for Users

Data Protection A Guide for Users Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection

More information

DATA PROTECTION: THE EU REFORM PROPOSALS Timothy Pitt-Payne QC

DATA PROTECTION: THE EU REFORM PROPOSALS Timothy Pitt-Payne QC DATA PROTECTION: THE EU REFORM PROPOSALS Timothy Pitt-Payne QC INTRODUCTION 1. The Commission s reform proposals are set out in detail at: http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 21.9.2005 COM(2005) 438 final 2005/0182 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the retention of data processed

More information

Council of the European Union Brussels, 26 June 2015 (OR. en)

Council of the European Union Brussels, 26 June 2015 (OR. en) Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

CHAPTER I GENERAL PROVISIONS

CHAPTER I GENERAL PROVISIONS Proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data

More information

International Data Transfer Agreement

International Data Transfer Agreement International Data Transfer Agreement Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third

More information

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, XXX COM(2012) 11/3 draft Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal

More information

Having regard to the Treaty establishing the European Community, and in particular Article 95(1) thereof,

Having regard to the Treaty establishing the European Community, and in particular Article 95(1) thereof, L 268/24 REGULATION (EC) No 1830/2003 OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL of 22 September 2003 concerning the traceability and labelling of genetically modified organisms and the traceability of

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

Real Estate Agents Act (Professional Conduct and Client Care) Rules 2012

Real Estate Agents Act (Professional Conduct and Client Care) Rules 2012 Real Estate Agents Act (Professional Conduct and Client Care) Rules 2012 Contents Page 1 Title 1 2 Commencement 1 3 Scope and objectives 1 4 Interpretation 1 5 Standards of professional competence 2 6

More information

Council of the European Union Brussels, 27 April 2015 (OR. en)

Council of the European Union Brussels, 27 April 2015 (OR. en) Council of the European Union Brussels, 27 April 2015 (OR. en) Interinstitutional File: 2013/0309 (COD) 8337/15 LIMITE TELECOM 97 COMPET 169 MI 268 CONSOM 68 CODEC 603 NOTE From: Presidency To: Delegations

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 31 May 2013 10227/13 ADD 1. Interinstitutional File: 2012/0011 (COD)

COUNCIL OF THE EUROPEAN UNION. Brussels, 31 May 2013 10227/13 ADD 1. Interinstitutional File: 2012/0011 (COD) COUNCIL OF THE EUROPEAN UNION Brussels, 31 May 2013 Interinstitutional File: 2012/0011 (COD) 10227/13 ADD 1 DATAPROTECT 72 JAI 438 MI 469 DRS 104 DAPIX 86 FREMP 77 COMIX 339 CODEC 1257 ADDENDUM TO NOTE

More information

12555/15 CHS/KR/np 1 DGD 2C

12555/15 CHS/KR/np 1 DGD 2C Council of the European Union Brussels, 2 October 2015 (OR. en) Interinstitutional File: 2012/0010 (COD) 12555/15 NOTE From: To: Presidency Council No. prev. doc.: 12266/15 No. Cion doc.: 5833/12 Subject:

More information